
Code-cleanup of git rate-limiting services

Hinam Mehra requested to merge 367610-reuse-git-throttle-services-code into master

What does this MR do and why?

  • Admins can already configure how many projects a user is allowed to download within a certain time period, and whether the user should be banned on exceeding that limit. This MR refactors the services responsible for project download rate-limiting and banning.
  • ExcessiveProjectsDownloadBanService -> GitAbuse::ApplicationThrottleService
  • Common code is abstracted into a BaseThrottleService
  • Services return a ServiceResponse instead of a hash
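As an added illustration of the refactor described above (example code written for this page, not GitLab's own services): a BaseThrottleService holds the sliding-window count of distinct projects a user has downloaded, an ApplicationThrottleService subclass only supplies the instance-wide settings, and a ServiceResult struct stands in for ServiceResponse. The settings keys, the in-memory store, the injected clock and the ban hook are assumptions; enforcing the ban on later requests is left to the caller.

```ruby
# Result object standing in for a ServiceResponse-style return value (constructed for this example).
ServiceResult = Struct.new(:status, :message, :payload, keyword_init: true) do
  def success?; status == :success; end
end

# Shared sliding-window logic: count the distinct projects a user downloaded within the interval.
# Subclasses only decide where the limit, interval and auto-ban settings come from.
class BaseThrottleService
  attr_reader :banned_users
  def initialize(clock: -> { Time.now })
    @downloads = Hash.new { |h, k| h[k] = [] } # user_id => [[project_id, downloaded_at], ...]
    @banned_users = []                         # both are in-memory stand-ins for the real store
    @clock = clock
  end

  def execute(user_id, project_id)
    now = @clock.call
    # Drop entries older than the window; the remaining list is the user's live download history.
    recent = @downloads[user_id] = @downloads[user_id].select { |_, at| now - at < interval_seconds }
    seen = recent.any? { |pid, _| pid == project_id } # re-downloading a project is not a new one
    projected = recent.map(&:first).uniq.size + (seen ? 0 : 1)
    if projected > limit
      banned = auto_ban? ? ban!(user_id) : false
      return ServiceResult.new(status: :error, payload: { count: projected, banned: banned },
                               message: "limit of #{limit} unique projects per #{interval_seconds}s exceeded")
    end
    recent << [project_id, now] unless seen
    ServiceResult.new(status: :success, message: 'download allowed', payload: { count: projected, banned: false })
  end
  private
  # Settings hooks every concrete throttle service must implement.
  %i[limit interval_seconds auto_ban?].each { |m| define_method(m) { raise NotImplementedError, m.to_s } }
  def ban!(user_id)
    @banned_users << user_id unless @banned_users.include?(user_id)
    true
  end
end

# Instance-wide variant: limit, interval and ban flag come from one settings hash (hypothetical keys).
class ApplicationThrottleService < BaseThrottleService
  def initialize(settings, **opts)
    super(**opts)
    @settings = settings
  end
  private
  def limit; @settings[:limit]; end
  def interval_seconds; @settings[:interval_seconds]; end
  def auto_ban?; @settings[:auto_ban]; end
end
```

A namespace-level variant would subclass BaseThrottleService the same way and look the three settings up per namespace instead of instance-wide.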

Screenshots or screen recordings

How to set up and validate locally

1. Application-level throttling

  1. Turn on the feature flag and ensure you are on the Ultimate license

    $ rails console
    > License.feature_available?(:git_abuse_rate_limit)
    > Feature.enable(:git_abuse_rate_limit_feature_flag)

  2. Using an admin user (root), set the application settings for the feature on http://localhost:3000/admin/application_settings/reporting

  3. Try cloning any 2 projects within 5 minutes

    $ git clone http://127.0.0.1:3000/gitlab-org/gitlab-test.git
    .. cloned

    $ git clone http://127.0.0.1:3000/gitlab-org/gitlab-shell.git
    remote: You are not allowed to download code from this project.
    fatal: unable to access 'http://127.0.0.1:3000/gitlab-org/gitlab-shell.git/': The requested URL returned error: 403

2. Namespace-level throttling

  1. Turn on the feature flags and ensure you are on the Ultimate license

    $ rails console
    > License.feature_available?(:unique_project_download_limit)
    > Feature.enable(:limit_unique_project_downloads_per_namespace_user)
    > Feature.disable(:git_abuse_rate_limit_feature_flag)

  2. Using an admin user (root), set the settings for the feature on http://localhost:3000/groups/gitlab-org/-/settings/reporting

  3. Try cloning any 2 projects from that namespace within 5 minutes as a developer

    $ git clone http://127.0.0.1:3000/gitlab-org/gitlab-test.git
    .. cloned

    $ git clone http://127.0.0.1:3000/gitlab-org/gitlab-shell.git
    remote: You are not allowed to download code from this project.
    fatal: unable to access 'http://127.0.0.1:3000/gitlab-org/gitlab-shell.git/': The requested URL returned error: 403

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #367610

Edited by Hinam Mehra
